CVE-2020-15158
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2020-15158. We'll provide specific mitigation strategies based on your environment and risk profile.
CVSS Score
V3.1EPSS Score
v2025.03.14There is a 2.4% chance that this vulnerability will be exploited in the wild within the next 30 days.
Attack Vector Metrics
Impact Metrics
Description
In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network it is highly recommend to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when available. As a workaround changes of commit 033ab5b can be applied to older versions.